Steve Boardwell sboardwell
sboardwell
/ seed-job.groovy
Created
August 7, 2019 21:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| options { ... } | |
| parameters { ... } | |
| agent { ... } | |
| stages { | |
| stage('Test') { | |
| when { |
sboardwell
/ myvalues.yaml
Created
August 7, 2019 21:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jenkins: | |
| Master: | |
| Image: my-company/my-project/jenkins-x-image | |
| ImageTag: 0.0.70-2 | |
| Persistence: | |
| mounts: | |
| - name: jenkins-security-secrets | |
| mountPath: /etc/jenkins-secrets | |
| readOnly: true | |
| volumes: |
sboardwell
/ myvalues.yaml
Created
August 5, 2019 22:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jenkins: | |
| Master: | |
| Image: my-company/my-project/jenkins-x-image | |
| ImageTag: 0.0.70-2 | |
| Persistence: | |
| mounts: | |
| - name: jenkins-security-secrets | |
| mountPath: /etc/jenkins-secrets | |
| readOnly: true | |
| volumes: |
sboardwell
/ authz_strategy_config
Created
August 5, 2019 22:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat google-oauth-config | |
| ...someClientID... | |
| ...someClientSecret... | |
| $ cat authz_strategy_config | |
| { | |
| "strategy": "GlobalMatrixAuthorizationStrategy", | |
| "user_permissions": { | |
| "authenticated": [ |
sboardwell
/ refresh-jx-platform.sh
Last active
August 5, 2019 21:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Execute with: | |
| # ./refresh-jx-platform.sh | |
| # or pass the JX_VERSION | |
| # JX_VERSION=2.3.333 ./refresh-jx-platform.sh | |
| set -eu | |
| export JX_HOME=$(mktemp -d) | |
| if [ -z "${JX_VERSION:-}" ]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jenkins: | |
| Master: | |
| Image: my-reg/my-company/jenkins-x-image | |
| ImageTag: 0.0.70-1 |
sboardwell
/ jenkins-github-oauth.groovy
Last active
August 4, 2019 11:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SecurityRealm | |
| import jenkins.model.Jenkins | |
| import hudson.security.SecurityRealm | |
| import org.jenkinsci.plugins.GithubSecurityRealm | |
| clientID = null | |
| clientSecret = null | |
| securityRealm = null | |
| // secret sanity check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| die() { echo "$@" 1>&2 ; exit 1; } | |
| dieGracefully() { echo "$@" 1>&2 ; exit 0; } | |
| confirm () { | |
| # call with a prompt string or use a default | |
| read -p "${1:-Are you sure?} [y/N]" -n 1 -r | |
| [ -n "$REPLY" ] && echo # (optional) move to a new line | |
| if [[ ! $REPLY =~ ^[Yy]$ ]]; then | |
| dieGracefully "Received '${REPLY:-N}'. ${2:-Exiting gracefully}." |
sboardwell
/ untitled
Created
June 25, 2019 14:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl -n kube-system get certificates | |
| NAME READY SECRET AGE | |
| jxing-nginx-ingress-controller-wildcard-prod True jxing-nginx-ingress-controller-wildcard-prod-tls 5d | |
| jxing-nginx-ingress-controller-wildcard-staging True jxing-nginx-ingress-controller-wildcard-staging-tls 11d |
sboardwell
/ add_certificates_function.sh
Last active
June 25, 2019 13:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add_certificates() { | |
| local envType=$1 | |
| local secretName ns | |
| kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml) | |
| kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml) | |
| kubectl apply -f cert-manager-utils/02-clusterissuer-${envType}.yaml | |
| kubectl apply -f cert-manager-utils/03-cluster-certificate-${envType}.yaml | |
| # get the secret name | |
| secretName=$(cat cert-manager-utils/03-cluster-certificate-${envType}.yaml | docker run -i --rm evns/yq yq -r '.spec.secretName') |